Error binding socket;
Hi,

I am getting the below error while restarting the server.

[root@localhost logs]# /etc/init.d/syslog-ng restart
Stopping syslog-ng: [FAILED]
syslog-ng is stopped
Starting syslog-ng: [2018-05-11T16:41:55.756615] Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)'
[2018-05-11T16:41:55.756684] Error initializing message pipeline; plugin name='network', location='/etc/syslog-ng/syslog-ng.conf:24:3'
[FAILED]

My requirement :-

OS:- centos 6.5

1. I want to use wildcard to send all apache custom logs from client to server.

Configuration of both client and server :-

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>client conf<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
@version:3.13
@include "scl.conf"
@define allow-config-dups 1

source s_local {
    system();
    internal();
};
destination d_network { udp("192.168.122.67" port(514)); };
destination d_local { file("/var/log/messages"); };
log {
    source(s_local);
    destination(d_network);
    destination(d_local);
};
####################
source s_local {
    wildcard-file(
        base-dir("/usr/local/apache/logs")
        filename-pattern("*.log")
        recursive(no)
        follow-freq(1)
    );
};
destination d_network { tcp("192.168.122.67" port(514)); };
log {
    source(s_local);
    destination(d_network);
};

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>server conf<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
@version:3.13
@include "scl.conf"

source s_local { system(); internal(); };
source s_network {
    udp();
    tcp();
};
destination d_local { file("/var/log/messages"); };
destination d_from_net { file("/var/log/from_net"); };
log { source(s_local); destination(d_local); };
log { source(s_network); destination(d_from_net); };

source s_net { network(flags(no-parse)); };
parser p_apache {
    csv-parser(
        columns("apache.FILE_NAME", "apache.MESSAGE")
        flags(greedy)
    );
};
destination d_apache {
    file("/usr/local/apache/logs/${apache.FILE_NAME}" template("${apache.MESSAGE}\n"));
};
log { source(s_net); parser(p_apache); destination(d_apache); };

What should be changed in the configuration file on both sides?

*Thanks & Regards :-*
*VINOD SINGH SAUD*
*(M):- 09718663552*
*(W):-09997645597*
*(E) :- vinod.samant.123@gmail.com <vinod.samant.123@gmail.com>*
Hi!

It seems that some other process is using the default syslog port:

Starting syslog-ng: [2018-05-11T16:41:55.756615] Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)'

I would suggest checking the port with netstat.

Regards,
Gabor

On Fri, May 11, 2018 at 1:23 PM, vinod samant <vinod.samant.123@gmail.com> wrote:
> Hi, I am getting the below error while restarting the server.
Hi,

When I am going to comment those lines on server side, syslog-ng is working fine, but all logs are coming in one file */var/log/from_net*.

*commented lines:-*

source s_net { network(flags(no-parse)); };
parser p_apache {
    csv-parser(
        columns("apache.FILE_NAME", "apache.MESSAGE")
        flags(greedy)
    );
};
destination d_apache {
    file("/usr/local/apache/logs/${apache.FILE_NAME}" template("${apache.MESSAGE}\n"));
};
log { source(s_net); parser(p_apache); destination(d_apache); };

*Is it necessary to define port in server side configuration file also?*

*Can you share wildcard configuration for both server side and client side?*

*Thanks & Regards :-*
*VINOD SINGH SAUD*
*(M):- 09718663552*
*(W):-09997645597*
*(E) :- vinod.samant.123@gmail.com <vinod.samant.123@gmail.com>*

On Fri, May 11, 2018 at 6:02 PM, Nagy, Gábor <gabor.nagy@balabit.com> wrote:
> Hi!
> It seems that some other process is using the default syslog port
Please suggest on this.

*Thanks & Regards :-*
*VINOD SINGH SAUD*
*(M):- 09718663552*
*(W):-09997645597*
*(E) :- vinod.samant.123@gmail.com <vinod.samant.123@gmail.com>*

On Fri, May 11, 2018 at 6:33 PM, vinod samant <vinod.samant.123@gmail.com> wrote:
> Hi, When I am going to comment those lines on server side, syslog-ng is working fine, but all logs are coming in one file */var/log/from_net*.
"vinod" == vinod samant <vinod.samant.123@gmail.com> writes:
vinod> When I am going to comment those lines on server side, syslog-ng is
vinod> working fine, but all logs are coming in one file
vinod> */var/log/from_net*.

Can you show us your *full* configuration, including any included config files? In the samples I showed, there is no `/var/log/from_net`, so my suspicion is that some other part of your configuration sets up a similar source, and a logpath that routes those logs elsewhere.

vinod> *Is it necessary to define port in server side configuration
vinod> file also?*

No, it has a default port, and the client side will use the same default port when no port is specified. But if you do specify a different port on either side, the other one will have to be adapted too.

vinod> *Can you share wildcard configuration for both server side and client
vinod> side?*

I did, a few messages ago.

--
|8]
Hi Gergely,

My configuration of both client and server side.

>>>>>>>>>>>>>>>>>>>>>>client confg<<<<<<<<<<<<<<<<<<<<<<<<<<<
@version:3.13
@include "scl.conf"
@define allow-config-dups 1

#options {
#    flush_lines (0);
#    time_reopen (10);
#    log_fifo_size (1000);
#    chain_hostnames (off);
#    use_dns (no);
#    use_fqdn (no);
#    create_dirs (no);
#    keep_hostname (yes);
#};
source s_local {
    system();
    internal();
};
destination d_network { udp("192.168.122.67" port(514)); };
destination d_local { file("/var/log/messages"); };
log {
    source(s_local);
    destination(d_network);
    destination(d_local);
};
source s_local {
    wildcard-file(
        base-dir("/usr/local/apache/logs")
        filename-pattern("*.log")
        recursive(no)
        follow-freq(1)
    );
};
destination d_network { tcp("192.168.122.67" port(514)); };
log {
    source(s_local);
    destination(d_network);
};

>>>>>>>>>>>>>>>>>>>>>>>server side cong<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
@version:3.13
@include "scl.conf"

source s_local { system(); internal(); };
source s_network {
    udp();
    tcp();
};
destination d_local { file("/var/log/messages"); };
destination d_from_net { file("/var/log/from_net"); };
log { source(s_local); destination(d_local); };
log { source(s_network); destination(d_from_net); };
source s_net { network(flags(no-parse)); };
parser p_apache {
    csv-parser(
        columns("apache.FILE_NAME", "apache.MESSAGE")
        flags(greedy)
    );
};
destination d_apache {
    file("/usr/local/apache/logs/${apache.FILE_NAME}" template("${apache.MESSAGE}\n"));
};
log { source(s_net); parser(p_apache); destination(d_apache); };

*Thanks & Regards :-*
*VINOD SINGH SAUD*
*(M):- 09718663552*
*(W):-09997645597*
*(E) :- vinod.samant.123@gmail.com <vinod.samant.123@gmail.com>*

On Mon, May 14, 2018 at 5:30 PM, Gergely Nagy <algernon@balabit.com> wrote:
> "vinod" == vinod samant <vinod.samant.123@gmail.com> writes:
> vinod> When I am going to comment those lines on server side, syslog-ng is
> vinod> working fine, but all logs are coming in one file
> vinod> */var/log/from_net*.
"vinod" == vinod samant <vinod.samant.123@gmail.com> writes:
vinod> Hi Gergely,
vinod> My configuration of both client and server side.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>> client confg<<<<<<<<<<<<<<<<<<<<<<<<<<<
vinod> @version:3.13
vinod> @include "scl.conf"
vinod> @define allow-config-dups 1

...and herein lies one of your problems. You have multiple blocks with the same name (`s_local`, `d_network`, etc). Only one of them will be active, the last one. In case of the client config, it will only forward apache logs, because the last `s_local` block sources from there.

If you want to forward system and internal logs too, you'll have to name the block differently. And likely forward to a different port, because in the examples I provided, the server-side will only handle the apache logs correctly.

vinod> >>>>>>>>>>>>>>>>>>>>> server side cong<<<<<<<<<<<<<<<<<<<<<<<<<<<<
[...]
vinod> source s_network{
vinod> udp();
vinod> tcp();
vinod> };

vinod> log { source(s_network); destination(d_from_net); };

The above two snippets will make syslog-ng listen on the default udp & tcp ports, and route every message to the `d_from_net` destination. Which happens to be `/var/log/from_net`.

vinod> source s_net {
vinod> network(flags(no-parse));
vinod> };

Because the `s_network` source uses the default ports, and so does this, this will not be able to start, because the previous one already occupies the port.

vinod> log{
vinod> source (s_net);
vinod> parser (p_apache);
vinod> destination(d_apache);
vinod> };

For the above reason, `s_network` will see no traffic, and nothing will get routed this way. This is why your logs end up in `/var/log/from_net`.

I would suggest starting from the simple - but complete - examples I gave, and extending it step-by-step to include other logs than apache.

--
|8]
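An added example, not part of the thread or of syslog-ng itself: a small Python check for the two problems diagnosed in the reply above, block names defined more than once and two sources claiming the same listening port. The sample configs are constructed from blocks quoted in the thread; the default of port 514 and TCP for `network()` is an assumption consistent with the bind error shown, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed samples: named blocks taken from the configs quoted in the thread.
CLIENT_CONF = '''
source s_local { system(); internal(); };
destination d_network { udp("192.168.122.67" port(514)); };
source s_local { wildcard-file(base-dir("/usr/local/apache/logs") filename-pattern("*.log")); };
destination d_network { tcp("192.168.122.67" port(514)); };
'''
SERVER_CONF = '''
source s_network { udp(); tcp(); };
source s_net { network(flags(no-parse)); };
destination d_apache { file("/usr/local/apache/logs/${apache.FILE_NAME}"); };
'''
# Assumption, consistent with the bind error in the thread: port 514 when none is set.
DEFAULT_TRANSPORT = {"udp": "udp", "tcp": "tcp", "network": "tcp"}

def _match(text, i, open_ch, close_ch):
    """Index of the delimiter that closes text[i], ignoring double-quoted strings."""
    depth, in_str = 0, False
    for j, c in enumerate(text[i:], i):
        if c == '"' and text[j - 1] != "\\":
            in_str = not in_str
        elif not in_str and c == open_ch:
            depth += 1
        elif not in_str and c == close_ch:
            depth -= 1
            if depth == 0:
                return j
    raise ValueError("unbalanced " + open_ch)

def blocks(conf):
    """Yield (kind, name, body) for every named source/destination/parser block."""
    for m in re.finditer(r"\b(source|destination|parser)\s+([\w.-]+)\s*\{", conf):
        yield m.group(1), m.group(2), conf[m.end():_match(conf, m.end() - 1, "{", "}")]

def duplicate_names(conf):
    """Blocks defined more than once; per the thread only the last one is active."""
    names = [(kind, name) for kind, name, _ in blocks(conf)]
    return sorted({n for n in names if names.count(n) > 1})

def port_conflicts(conf):
    """Return {(transport, port): [source names]} for ports claimed by several sources."""
    out = defaultdict(list)
    for kind, name, body in blocks(conf):
        drivers = re.finditer(r"\b(udp|tcp|network)\s*\(", body) if kind == "source" else ()
        for m in drivers:
            args = body[m.end():_match(body, m.end() - 1, "(", ")")]
            t = re.search(r'\btransport\(\s*"?(\w+)', args)
            p = re.search(r"\bport\(\s*(\d+)", args)
            key = (t.group(1) if t else DEFAULT_TRANSPORT[m.group(1)], int(p.group(1)) if p else 514)
            out[key].append(name)
    return {k: v for k, v in out.items() if len(v) > 1}
```

On the server sample this reports `s_network` and `s_net` both on TCP 514; giving one of them its own `port()`, matched on the client side as the reply says, clears the conflict.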
participants (3)
- Gergely Nagy
- Nagy, Gábor
- vinod samant